CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-6155 20 DoS 2019-04-22 2019-10-09
7.8
None Remote Low Not required None None Complete
A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service.
2 CVE-2019-4558 74 2019-10-09 2019-10-11
7.2
None Local Low Not required Complete Complete Complete
A security vulnerability has been identified in all levels of IBM Spectrum Scale V5.0.0.0 through V5.0.3.2 and IBM Spectrum Scale V4.2.0.0 through V4.2.3.17 that could allow a local attacker to obtain root privilege by injecting parameters into setuid files.
3 CVE-2019-4483 89 Sql 2019-08-20 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067.
4 CVE-2019-4481 89 Sql 2019-08-20 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064.
5 CVE-2019-4448 264 Exec Code 2019-08-26 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This results in arbitrary code being executed with root authority. IBM X-Force ID: 163489.
6 CVE-2019-4447 264 Exec Code 2019-08-26 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. A low privileged user can execute arbitrary commands as root by altering the PATH variable to point to a user controlled location. When a crash is induced the trojan gdb command is executed. IBM X-Force ID: 163488.
7 CVE-2019-4357 264 Exec Code 2019-07-01 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system. IBM X-Force ID: 161667,
8 CVE-2019-4322 119 Exec Code Overflow 2019-07-01 2019-07-03
7.2
None Local Low Not required Complete Complete Complete
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202.
9 CVE-2019-4294 77 Exec Code 2019-08-20 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188.
10 CVE-2019-4267 119 Exec Code Overflow 2019-07-22 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerable to a buffer overflow. This could allow execution of arbitrary code on the local system or the application to crash. IBM X-Force ID: 160200.
11 CVE-2019-4253 264 +Priv 2019-08-20 2019-09-03
7.2
None Local Low Not required Complete Complete Complete
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941.
12 CVE-2019-4227 384 2019-10-04 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352.
13 CVE-2019-4183 400 DoS 2019-09-17 2019-10-09
7.8
None Remote Low Not required None None Complete
IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973.
14 CVE-2019-4155 264 2019-04-08 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user registry. IBM X-Force ID: 158544.
15 CVE-2019-4154 119 Exec Code Overflow 2019-07-01 2019-07-04
7.2
None Local Low Not required Complete Complete Complete
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519.
16 CVE-2019-4103 264 Exec Code 2019-06-17 2019-10-09
7.7
None Local Network Low Single system Complete Complete Complete
IBM Tivoli Netcool/Impact 7.1.0 allows for remote execution of command by low privileged User. Remote code execution allow to execute arbitrary code on system which lead to take control over the system. IBM X-Force ID: 158094.
17 CVE-2019-4094 264 2019-03-21 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library. IBM X-Force ID: 158014.
18 CVE-2019-4088 264 +Priv 2019-07-02 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by loading a specially crafted library loaded by the dsmqsan module. By setting up such a library, a local attacker could exploit this vulnerability to gain root privileges on the vulnerable system. IBM X-Force ID: 157511.
19 CVE-2019-4078 264 Exec Code 2019-05-23 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories. IBM X-Force ID: 157190.
20 CVE-2019-4057 264 Exec Code 2019-07-01 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567.
21 CVE-2019-4032 89 Sql 2019-03-05 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-ForceID: 155998.
22 CVE-2019-4016 119 Exec Code Overflow 2019-03-11 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155894.
23 CVE-2019-4015 119 Exec Code Overflow 2019-03-11 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155893.
24 CVE-2019-4014 119 Exec Code Overflow 2019-04-03 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 155892.
25 CVE-2019-4012 89 Sql 2019-04-15 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 155886.
26 CVE-2018-1998 74 Exec Code 2019-03-11 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-ForceID: 154887.
27 CVE-2018-1994 89 Sql 2019-04-10 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494.
28 CVE-2018-1980 119 Exec Code Overflow 2019-03-11 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 154078.
29 CVE-2018-1978 119 Exec Code Overflow 2019-03-11 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 154069.
30 CVE-2018-1936 119 Exec Code Overflow 2019-04-03 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 153316.
31 CVE-2018-1904 502 Exec Code 2018-12-11 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted sources. IBM X-Force ID: 152533.
32 CVE-2018-1903 2019-04-10 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532.
33 CVE-2018-1851 502 Exec Code 2018-10-31 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execute arbitrary code. IBM X-Force ID: 150999.
34 CVE-2018-1834 59 2018-11-08 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511.
35 CVE-2018-1818 798 2018-12-13 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
IBM Security Guardium 10 and 10.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 150022.
36 CVE-2018-1796 264 +Priv 2019-08-20 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149426.
37 CVE-2018-1792 94 Exec Code 2018-11-13 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.
38 CVE-2018-1784 20 Sql 2018-12-20 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807.
39 CVE-2018-1781 59 2018-11-08 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148804.
40 CVE-2018-1780 59 2018-11-08 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148803.
41 CVE-2018-1771 119 Exec Code Overflow 2018-12-20 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. IBM X-force ID: 148687.
42 CVE-2018-1745 287 2018-10-11 2019-10-09
7.8
None Remote Low Not required None None Complete
IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication. IBM X-Force ID: 148424.
43 CVE-2018-1742 798 2018-10-08 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 148421.
44 CVE-2018-1712 352 2018-08-16 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.
45 CVE-2018-1636 119 Exec Code Overflow 2019-08-20 2019-09-03
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144441.
46 CVE-2018-1635 119 Exec Code Overflow 2019-08-20 2019-09-03
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144439.
47 CVE-2018-1634 264 +Priv 2019-08-20 2019-09-03
7.2
None Local Low Not required Complete Complete Complete
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME. IBM X-Force ID: 144437.
48 CVE-2018-1633 264 +Priv 2019-08-20 2019-09-03
7.2
None Local Low Not required Complete Complete Complete
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434.
49 CVE-2018-1632 264 +Priv 2019-08-20 2019-09-03
7.2
None Local Low Not required Complete Complete Complete
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM X-Force ID: 144432.
50 CVE-2018-1631 264 +Priv 2019-08-20 2019-09-03
7.2
None Local Low Not required Complete Complete Complete
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash. IBM X-Force ID: 144431.
Total number of vulnerabilities : 563   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.